Amazon SCS-C02 Exam - Topic 1 Question 47 Discussion

[Infrastructure Security]

A Security Engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password.

Which combination of steps can the Engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)

C) Configure automatic rotation of credentials in AWS Secrets Manager.
E) Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.

By configuring the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials, you can avoid hard-coding the credentials in your application code or configuration files. This way, your application can dynamically obtain the latest credentials from Secrets Manager whenever the password is rotated, without needing to restart or redeploy the application. To enable this, you need to grant permission to the instance role associated with the EC2 instance to access Secrets Manager using IAM policies [2]. You can also use the AWS SDK for Java to integrate your application with Secrets Manager [3].

A) Have a Database Administrator encrypt the credentials and store the ciphertext in Amazon S3. Grant permission to the instance role associated with the EC2 instance to read the object and decrypt the ciphertext.
B) Configure a scheduled job that updates the credential in AWS Systems Manager Parameter Store and notifies the Engineer that the application needs to be restarted.
D) Store the credential in an encrypted string parameter in AWS Systems Manager Parameter Store. Grant permission to the instance role associated with the EC2 instance to access the parameter and the AWS KMS key that is used to encrypt it.

Actual exam question for Amazon's SCS-C02 exam
Question #: 47
Topic #: 1

Suggested Answer: C, E, E

AWS Secrets Manager is a service that helps you manage, retrieve, and rotate secrets such as database credentials, API keys, and other sensitive information. By configuring automatic rotation of credentials in AWS Secrets Manager, you can ensure that your secrets are changed regularly and securely, without requiring manual intervention or application downtime. You can also specify the rotation frequency and the rotation function that performs the logic of changing the credentials on the database and updating the secret in Secrets Manager [1].
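
The pattern in option E, sketched as an added example (not code from the original page or from AWS): a connector that caches the secret and, on an authentication failure only, refetches it from Secrets Manager and retries once. It assumes the AWS SDK for Java 2.x and Jackson on the classpath and a secret stored as JSON with `username` and `password` keys; the class name `RotationAwareConnector` and the `secretId` and `jdbcUrl` parameters are hypothetical.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

public class RotationAwareConnector { // hypothetical name; added example, not the page's code
    private static final ObjectMapper JSON = new ObjectMapper();
    // Default credential chain: on EC2 this is the instance role (needs secretsmanager:GetSecretValue).
    private final SecretsManagerClient secrets = SecretsManagerClient.create();
    private final String secretId;    // assumption: name or ARN of the RDS secret
    private final String jdbcUrl;     // assumption: JDBC URL of the RDS endpoint
    private volatile JsonNode cached; // last secret fetched; kept in memory only, never logged

    public RotationAwareConnector(String secretId, String jdbcUrl) {
        this.secretId = secretId;
        this.jdbcUrl = jdbcUrl;
    }

    private JsonNode fetch() throws SQLException {
        try {
            String s = secrets.getSecretValue(
                    GetSecretValueRequest.builder().secretId(secretId).build()).secretString();
            return cached = JSON.readTree(s); // assumed JSON keys: "username", "password"
        } catch (Exception e) {
            throw new SQLException("could not read secret " + secretId, e);
        }
    }

    private Connection open(JsonNode c) throws SQLException {
        return DriverManager.getConnection(jdbcUrl, c.get("username").asText(), c.get("password").asText());
    }

    // SQLSTATE class 28 means invalid authorization: the sign that the cached password is stale.
    static boolean isAuthFailure(SQLException e) {
        return e.getSQLState() != null && e.getSQLState().startsWith("28");
    }

    public Connection connect() throws SQLException {
        JsonNode creds = cached != null ? cached : fetch();
        try {
            return open(creds);
        } catch (SQLException e) {
            if (!isAuthFailure(e)) throw e; // network or database outage: refetching would not help
            return open(fetch());           // one retry with the rotated credentials, then give up
        }
    }
}
```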


Contribute your Thoughts:

Cordelia
6 months ago
Definitely agree with using Secrets Manager for this.
upvoted 0 times
...
Denny
6 months ago
I think D is better for managing access securely.
upvoted 0 times
...
Lizbeth
6 months ago
Not sure if catching connection failures is the best approach...
upvoted 0 times
...
Arlyne
6 months ago
Surprised that people still hard-code credentials!
upvoted 0 times
...
Barrett
6 months ago
Option C is a solid choice for automatic rotation!
upvoted 0 times
...
Ettie
7 months ago
I vaguely recall that catching connection failures in the Java app to retrieve new credentials is a valid approach, but I’m unsure if it’s the best method compared to the others listed.
upvoted 0 times
...
Georgiann
7 months ago
I practiced a similar question where we had to choose between encrypting credentials and using Secrets Manager. I feel like option C is definitely a strong choice for automatic rotation.
upvoted 0 times
...
Arminda
7 months ago
I think storing credentials in AWS Systems Manager Parameter Store is a good option, but I’m a bit confused about whether it requires a scheduled job for updates or if it can be done automatically.
upvoted 0 times
...
Isreal
7 months ago
I remember something about using AWS Secrets Manager for credential rotation, but I'm not sure if it automatically updates the application without a restart.
upvoted 0 times
...
Haydee
7 months ago
Yep, that's the right approach. I'd go with option E - configuring the Java app to catch the connection failure and fetch the updated credentials from Secrets Manager. That way, the app doesn't need to be restarted or redeployed when the credentials are rotated.
upvoted 0 times
...
Leonie
8 months ago
Okay, I think I've got a strategy here. The key is to avoid hard-coding the credentials in the application and instead use a service like Secrets Manager or Parameter Store to dynamically retrieve the credentials. That way, when they're rotated, the application can automatically pick up the new ones.
upvoted 0 times
...
Catalina
8 months ago
Hmm, I'm a bit confused by all the different AWS services mentioned. I'll need to review the details of each one to understand how they can be used to protect the credentials and minimize downtime.
upvoted 0 times
...
Desirae
8 months ago
This looks like a good question to test our understanding of credential management and rotation in a cloud environment. I think the key is to find a solution that securely stores the credentials and allows for easy rotation without disrupting the application.
upvoted 0 times
...
Sarina
10 months ago
That's a good point, Rosina. Option D does seem like a secure way to handle credentials as well.
upvoted 0 times
...
Jonelle
10 months ago
C and E, all the way! I bet the engineer who came up with this question is a secret superhero in disguise. They really know their stuff.
upvoted 0 times
Pura
8 months ago
Definitely! Those options seem like the best way to protect credentials and minimize downtime.
upvoted 0 times
...
Melodie
8 months ago
E) Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.
upvoted 0 times
...
Mariann
10 months ago
C) Configure automatic rotation of credentials in AWS Secrets Manager.
upvoted 0 times
...
...
Rosina
10 months ago
I'm not sure about option C. I think option D could also be a good choice since it involves storing the credential in an encrypted parameter.
upvoted 0 times
...
Marget
10 months ago
Wait, we're supposed to choose two options? I was just going to go with E and call it a day. Guess I should read the question more carefully next time.
upvoted 0 times
...
Mari
10 months ago
This question is a piece of cake! C and E are the obvious choices. Gotta love that AWS Secrets Manager, makes life so much easier.
upvoted 0 times
Bok
10 months ago
A: Definitely, AWS Secrets Manager is a game changer. So convenient for rotating credentials.
upvoted 0 times
...
...
Billy
10 months ago
A and D seem promising. Encrypting the creds and storing them securely, then granting the EC2 instance access, sounds like a solid approach.
upvoted 0 times
Arminda
10 months ago
Configuring the Java application to retrieve updated credentials from Secrets Manager when the password is rotated can help minimize downtime and enhance security.
upvoted 0 times
...
Arlette
10 months ago
A and D are indeed good options. Encrypting the credentials and storing them securely is crucial for protecting sensitive information.
upvoted 0 times
...
...
Kimberlie
11 months ago
I'd go with C and E. Automating credential rotation and dynamically retrieving updated creds from Secrets Manager is the way to go. No more hard-coded passwords to worry about!
upvoted 0 times
Alesia
10 months ago
User 2
upvoted 0 times
...
Alpha
10 months ago
User 1
upvoted 0 times
...
...
Vesta
11 months ago
I agree with Sarina. Option C seems like the most secure and efficient way to handle credential rotation.
upvoted 0 times
...
Sarina
11 months ago
I think option C is the best choice because it allows for automatic rotation of credentials.
upvoted 0 times
...
